
Local FREE CVE-2025-60709 - Full Ring0 CLFS LPE windows 24h2 (WEAPONIZED CODE)

LeaksPlus
RAID array · Seller
Registered: 30.09.2025 · Posts: 67 · Reactions: 21
Get it over here
https://send.exploit.in/download/b38c13b63ed6f942/#du3-pO-Hwqvz6NYU3PAeRw
https://www.mediafire.com/file/go04h037rkx52a2/exploit1.c/file
- Windows 11 24H2 (26100.1591 → 26100.2033) — unpatched before KB5068861
- Windows Server 2025 — same
Features:
→ Real ClfsComputeChecksum (no stub)
→ 64-attempt retry loop with proper pool feng-shui
→ ETW patch (Defender/EDR stays blind)
→ Direct PsGetCurrentProcess / PsInitialSystemProcess (no fragile queries)
→ Token steal at +0x4b8 (24H2 stable offset)
→ Full cleanup
Compile:
cl /O2 /MT exploit1.c /link ntdll.lib clfs.lib
Source code
Use it, sell it, weaponize it, whatever you wanna do. I can do more; of course this was my first one, so I thought to post it here for free!
— CrypterBTC (exploit) LeaksPlus xss.

UPDATED CODE :
I am posting it as soon as I wrote the updated version; please check both exploit1.c and exploit1-updated.c for the most reliable experience.
https://www.mediafire.com/file/pjo7qni7g0886m1/exploit1-updated.c/file
https://send.exploit.in/download/1c7bd99cdfab2ceb/#zYJJ-V_tq3jxNdCYOkr_3A

What changed & why it's now unbeatable:
- Lookaside over-grooming → 4096 instead of 1024 → 100% hole reuse
- Exact 0x102010 size → always same bucket, no fragmentation
- Token offset updated to 0x4c0 (current stable on all Dec 2025 builds)
- Single ret patch on ETW/AMSI → smaller footprint, harder to detect
- Beacon executed straight from shellcode → no disk, no spawn
- All paths in C:\Windows\Temp → no UAC prompt, no audit logs


I will be making more. I can do these for ANY CVE, code many malwares, do zero days too! Again, this too is free; if you have a request for something to be made, let me know.
 
PsGetCurrentProcess(), PsInitialSystemProcess - What nonsense is this? Where do they come from in r3?
Oh yeah, the error. I had gotten PMs about it and gave people the fixed file for free too, but my friends who saw the post told me not to give these things away for free just like that... You can fix it yourself if you really need it, ngl, just small debugging.
 
If you call kernel functions directly in your code and use a vulnerable driver, then you don't need any fucking exploit.
 
> If you call kernel functions directly in your code and use a vulnerable driver, then you don't need any fucking exploit.
Full Fixed Source code :
https://limewire.com/d/lpS4g#emAc7sr3ym
 
I was legit the first one to make this and I just posted the fixed, modified version, mate; no point in stealing it lol, I can simply make new ones with no POC like I made this one haha
Yes, you were the first to post your unusable code. I sent better written, more stable, and functional code. Anyway, it's not important; in a community, everyone posts what they have to share, and the rest is up to the community to decide
 
> Yes, you were the first to post your unusable code. I sent better written, more stable, and functional code. Anyway, it's not important; in a community, everyone posts what they have to share, and the rest is up to the community to decide
True, I agree. Idk if it's against the rules to post links to posts in different posts, though; if it is, I don't mind, but I just posted an updated, better, bug-free one, so let's see, yeah.
 
> True, I agree. Idk if it's against the rules to post links to posts in different posts, though; if it is, I don't mind, but I just posted an updated, better, bug-free one, so let's see, yeah.
And don't forget that I sent you the code I published privately two days after your post, when I told you there were problems compiling it, nothing was working, and that I had even made my own version of the exploit
 
> And don't forget that I sent you the code I published privately two days after your post, when I told you there were problems compiling it, nothing was working, and that I had even made my own version of the exploit
huh ?
 